CVE-2016-2386
SAP NetWeaver SQL Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
71.1%
p99
KEV
SÍ
9 jun 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
71.1%EPSS · 30 días71.1%
2026-06-302026-07-16
Producto
SAP / NetWeaver
Vulnerabilidad
SAP NetWeaver SQL Injection Vulnerability
Añadido a KEV
9 jun 2022
Remediar antes de
30 jun 2022
Uso conocido en ransomware
No
Descripción resumida
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2016-2386
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2020-6287—99.8%
KEV—80SAP NetWeaver Missing Authentication for Critical Function Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2016-2388—98.8%
KEV—80SAP NetWeaver Information Disclosure Vulnerability—CVE-2016-3976—98.7%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2021-38163—98.3%
KEV—79SAP NetWeaver Unrestricted File Upload Vulnerability—